A developer using SSH to access AWS CodeCommit requires permissions to create and delete branches. What IAM permissions should be granted to adhere to the principle of least privilege?